5.5

CVE-2022-49549

x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

In mce_threshold_create_device(), if threshold_create_bank() fails, the
previously allocated threshold banks array @bp will be leaked because
the call to mce_threshold_remove_device() will not free it.

This happens because mce_threshold_remove_device() fetches the pointer
through the threshold_banks per-CPU variable but bp is written there
only after the bank creation is successful, and not before, when
threshold_create_bank() fails.

Add a helper which unwinds all the bank creation work previously done
and pass into it the previously allocated threshold banks array for
freeing.

  [ bp: Massage. ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.8 < 5.10.121
LinuxLinux Kernel Version >= 5.11 < 5.15.46
LinuxLinux Kernel Version >= 5.16 < 5.17.14
LinuxLinux Kernel Version >= 5.18 < 5.18.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/396b8e7ab2a99ddac57d3522b3da5e58cb608d37
Patch
https://git.kernel.org/stable/c/9708f1956eeb70c86943e0bc62fa3b0101b59616
Patch
https://git.kernel.org/stable/c/b4acb8e7f1594607bc9017ef0aacb40b24a003d6
Patch
https://git.kernel.org/stable/c/cc0dd4456f9573bf8af9b4d8754433918e809e1e
Patch
https://git.kernel.org/stable/c/e5f28623ceb103e13fc3d7bd45edf9818b227fd0
Patch